System not stable after updating to 2.7.0

jeremyjay46

Hello all, first time poster here. About a year ago, I built my PFS router and it has been fantastic. I had 338 days of consecutive uptime. However, since updating to 2.7.0, it seems to only run a few days and then I lose all connectivity. When connecting the monitor, the errors are shown as:
CAM status: CCB request completed with an error
Retrying command, x more tries remain

Rebooting always brings it back up. I'm running it on a Citrix Netscaler box with an Intel Atom processor and onboard flash (16gb). I have done a full reformat and reinstall but this occasional issue still pops up since the 2.7.0 update. Is my onboard flash dying? Is there more useful information I can provide? I'm by no means an expert on PFS or Linux.

Thank you much

stephenw10

That is a drive or drive controller error, yes.

Are there any other error log lines shown? I would expect to see a few lines for each error

Steve

jeremyjay46

@stephenw10 Steve, thank you for the response. Which error log should I check? I did check the System Logs in PFS, and you can see the results below. Nothing significant as far as I know? You can see when it stopped reporting overnight to when I rebooted it.

Sep 20 02:22:00 sshguard 98496 Now monitoring attacks.
Sep 20 02:52:00 sshguard 98496 Exiting on signal.
Sep 20 02:52:00 sshguard 90870 Now monitoring attacks.
Sep 20 03:28:00 sshguard 90870 Exiting on signal.
Sep 20 03:28:00 sshguard 33199 Now monitoring attacks.
Sep 20 12:43:13 syslogd kernel boot file is /boot/kernel/kernel
Sep 20 12:43:13 kernel ---<<BOOT>>---

stephenw10

I would look at the console. If the drive is failing it may not be able to log errors at that point.

jeremyjay46

@stephenw10 Good point. I guess if the flash drive is failing I can either attach an external HD or run off a thumb drive (not preferred). It's odd this happened along with an update, but I'm sure this Citrix box had it's fair amount of use prior. Maybe I'll see if I can find some linux commands that can give me more info on the drive's health.

stephenw10

It is relatively common to see failures of this type at upgrade. Often because that's the only time firewall get rebooted.

At every new release there are always a few tickets claiming it broke hardware but that's almost never the case.

If you run from a USB flash drive be sure to not use SWAP and enable RAM disks after install. Otherwise you will burn through the write cycles in short order.

Steve

jeremyjay46

@stephenw10 Would it make sense to enable RAM disks anyway, since this eMMC seems to be nearing it's death? Any drawbacks? Thank you again for the assistance.

stephenw10

Yes, I would.
Somethings do not work well (or at all!) with RAM disks, notably large packages like Snort, Suricata or Squid. Though they can be tuned to work if needed.
You lose some data if the firewall crashes and will not see a crash report usually.
I run ram disks here on a number of systems.

Steve

jeremyjay46

@stephenw10 Sounds good. I have 16gb RAM and only typically use a tiny percentage of it, and I don't use those packages, so I'll take advantage.